System, Device and Method for Interoperability Between Different Digital Rights Management Systems

ABSTRACT

A system, device and method for allowing protected content to be transferred to end user communication devices that support different digital rights management (DRM) formats or schemes than the DRM format of the content provider. The method includes providing a Limited Rights Issuer (LRI) that issues content and associated digital rights to one or more of the end user devices within a domain defined by a Domain Authority with which the LRI has registered. The Limited Rights Issuer also translates content and associated digital rights information from the DRM format of an upstream DRM system to the DRM format of a downstream DRM system, which includes the end user devices within the defined domain. The system allows select end user devices to enjoy interoperability of content protected under different DRM schemes, while allowing content providers to still maintain a suitable level of DRM protection for their content.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The invention relates to digital rights management systems andcommunication devices that receive protected content from such systems.More particularly, the invention relates to methods, devices and systemsfor allowing end user communication devices to access protected contentregardless of which type of digital rights management system issued thedigital rights to the protected content and which type of digital rightsmanagement system the communication devices support.

2. Description of the Related Art

Many conventional systems and methods exist for transferring digitalinformation from content providers to various end user communicationdevices. Digital information includes video content, such as movies andprogramming events, music, and other digital information suitable fortransfer from one or more content providers. End user communicationdevices include set-top boxes and residential gateways, and mobilecommunication devices, such as personal digital assistants (PDAs) andsmart phones. Typically, systems and methods for transferring digitalinformation to various end user communication devices involve some sortof digital rights management (DRM) format or scheme that usuallyincludes encrypting the content to be transferred and providing one ormore decryption keys to authorized users or user devices for decryptingthe encrypted content.

Different DRM systems and corresponding DRM formats exist for protectingcontent transmitted to various end user communication devices. Forexample, current DRM formats or schemes include Windows Media DRM,Motorola Internet Protocol Rights Management (IPRM), and one or more DRMschemes according to or specified by the Open Mobile Alliance (OMA).Conventionally, protected content and associated digital rights andlicenses issued from one DRM scheme are not compatible with differentDRM formats or schemes and their supporting devices. Therefore, for anend user, protected content from a content provider is accessible onlyby end user communication devices that support or are compatible withthe particular DRM format of the content and the associated digitalrights and licenses. Thus, for example, an end user who purchaseddigital content using their set-top box may not be able to access thatparticular content using their PDA or smart phone, unless the PDA iscompatible with the DRM scheme supported by the set-top box.

Conventional systems and methods either do not allow such transfer orrequire relatively large infrastructure support and/or processingcapability, at both the transmitting and receiving ends of the system.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of a digital rights management system forproviding content interoperability between different digital rightsmanagement schemes;

FIG. 2 is a block diagram of a Limited Rights Issuer (LRI) device foruse in a system for providing content interoperability between differentdigital rights management schemes; and

FIG. 3 is a flow chart that schematically illustrates a method forproviding content interoperability between different digital rightsmanagement schemes.

DETAILED DESCRIPTION

In the following description, like reference numerals indicate likecomponents to enhance the understanding of the systems, devices andmethods for providing content interoperability between different digitalrights management schemes through the description of the drawings. Also,although specific features, configurations and arrangements arediscussed herein below, it should be understood that such specificity isfor illustrative purposes only. A person skilled in the relevant artwill recognize that other steps, configurations and arrangements areuseful without departing from the spirit and scope of the invention.

The systems, devices and methods described herein are directed to theinteroperability of digital rights management (DRM) content across enduser devices that support different DRM protection formats or schemes.Content and associated rights and license terms formatted and providedby an upstream DRM system are made available to one or more end usercommunication devices in a downstream DRM system, regardless of theparticular DRM formats or schemes supported by either the upstream DRMsystem provider and the downstream end user communication devices. Thesystems and methods also can define or establish a select domain ofdownstream end user communication devices that are able to sharelicenses, thus allowing interoperability to occur only among downstreamend user communication devices within the established domain. Therefore,select end user communication devices can enjoy interoperability ofcontent protected under different DRM schemes, while content providerscan still maintain a suitable level of DRM protection for their content.The downstream system includes a Domain Authority (DA), which managesthe domain of the end user communication devices suitable for receipt ofprotected content. The downstream system also includes a Limited RightsIssuer (LRI), which is responsible for issuing licenses and otherdigital rights to one or more of the end user communication devices.

Most systems for transferring digital information to various end usercommunication devices involve some sort of DRM format or scheme toprotect the content being transferred. A DRM scheme usually includesencrypting the content to be transferred and providing one or moredecryption keys to authorized users or user devices for decrypting theencrypted content. Conventionally, decryption keys exist in manydifferent forms and can be delivered to and obtained by authorized usersand/or user devices in various ways. Often, content decryption involvesobtaining a succession of decryption keys, with the availability of eachkey depending on the acquisition of a previous key. Such encryptiontypically involves a tiered keying scheme, where high-level or high-tierkeys are used to obtain mid-tier keys, and mid-tier keys are used toobtain low-tier keys.

As discussed previously, there is no one preferred or universal DRMformat or scheme that is accepted across or compatible with allplatforms within a given content distribution system. End users maypossess several communication devices for receiving and processingcontent, each of which may use a different DRM format or system forcontent protection. Also, end users may desire to transfer contentbetween communication devices that use different DRM formats or schemes.Conventional systems and methods either do not allow such transfer orrequire a relatively great amount of additional infrastructure supportand/or processing capability, usually at both the transmitting andreceiving ends of the system. Such requirements increase costs andreduce efficiency within the various conventional content distributionsystems.

Referring now to FIG. 1, shown is a block diagram of a digital rightsmanagement system 10 for providing content interoperability betweendifferent digital rights management schemes. The system 10 includes acontent source or provider 12, a content digital rights issuer 14associated with the content provider 12, a network 16 coupled to thecontent provider 12 and/or the digital rights issuer 14, and an upstreamdistribution system 18 coupled to the network 16. The content provider12, the digital rights issuer 14, the network 16 and the upstreamdistribution system 18 are part of an upstream system or an upstream DRMsystem, which, in general, is the DRM system or portion of the DRMsystem in which the content originates or from which the content isdistributed.

The system 10 also includes a Limited Rights Issuer (LRI) 22 and aDomain Authority (DA) 24, both of which can be part of a downstreamdistribution system, shown generally as 26, which is coupled to theupstream distribution system 18. As will be discussed in greater detailhereinbelow, the LRI 22 translates upstream licenses and protectedcontent and issues licenses and other digital rights to one or more ofthe end user communication devices in the downstream system. Translationis the process that takes upstream licenses and protected content andmakes that information available in the downstream DRM system. Thus, atleast functionally, the LRI 22 also can be considered to be part of theupstream DRM system, or at least straddling the upstream and downstreamsystems. Also, as will be discussed in greater detail hereinbelow, theDA 24 defines and manages the “domain,” which is the set of end usercommunication devices that are allowed to share Domain Licenses. Enduser communication devices in the same domain share a key.

The system 10 also includes a network 28 that couples the downstreamdistribution system 26 to one or more end user communication devices 32,34 and 36. The downstream distribution system 26, the network 28 and theend user communication devices 32, 34, 36 are part of a downstreamsystem or downstream DRM system. In general, the downstream DRM systemis the DRM system or portion of the DRM system to which the protectedcontent is transmitted or distributed. As discussed, translation is theprocess that takes upstream licenses and protected content and makesthat information available in the downstream DRM system.

The system 10 also includes a Remote Authority (RA) 38, which provisionsthe LRI 22 with various digital rights issuance information, as will bediscussed in greater detail hereinbelow. Also, as will be discussed ingreater detail hereinbelow, the RA 38 can provision the DA 24 withdomain membership information for various end user communicationdevices. In general, the RA 38 can be part of or associated with thecontent provider 12, the digital rights issuer 14, and/or other suitableupstream DRM system component or components, although such is notnecessary. Alternatively, the RA 38 can be part of or associated withone or more downstream DRM system components.

The content source or provider 12 can be any suitable transmissionsource of DRM-protected content, including multimedia content. Forexample, the content provider 12 can be an over-the-air broadcaster,from a cable television plant, satellite service provider or othercontent service provider, such as a telephone system. The contentprovider 12 can be connected to the network 16 and/or the upstreamdistribution system 18 via any suitable connection, e.g., one or morecoaxial cables and/or optical fibers or optical fiber cables, includinga Hybrid Fiber Coaxial (HFC) cable system. Other suitable connectionsinclude suitable Fiber To The Premises (FTTP) systems, such as Fiber ToThe Curb (FTTC) or Fiber To The Home (FTTH), or over any suitable numberof digital subscriber line systems (xDSL). Also, the content provider 12can provide DRM-protected content wirelessly, e.g., viaover-the-air-broadcast from a satellite service provider or othersuitable content service provider.

The content provided by the content provider 12 can be any multimediacontent, including DRM-protected content, that is suitable fortransmission to one or more end user communication devices. For example,multimedia content can include broadcast video, including movies,programming events, music and/or other multimedia content that isdistributed, e.g., as one or more programming streams from the contentprovider 12 or other suitable content source. The multimedia contenttypically is a plurality of digital signals formatted according to asuitable standard, such as the MPEG (Moving Picture Experts Group) 2 orMPEG 4 standard, and multiplexed into a data stream that is modulated ona carrier using quadrature amplitude modulation (QAM) or other suitablemodulation technique.

The digital rights issuer 14 can be any suitable system component,element and/or portion of the content provider 12 that is suitable forgenerating and/or providing content protection information associatedwith content provided by the content provider 12. In general, contentprotection information includes licenses and any other digital rightsissuance information that enables the use of associated content underspecified conditions. For example, content protection information caninclude privileges, permission and/or constraints regarding access toits associated content by one or more end user communication devices.Specific content protection information will be discussed hereinbelow.

One or more of the network 16, the upstream distribution system 18, thedownstream distribution system 26 and the network 28 can be anycommunication network or network server arrangement suitable fortransmitting DRM-protected content and associated rights issuanceinformation between the content provider 12 (and rights issuer 14) andone or more of the end user communication devices 32, 34, 36. Forexample, one or more of the network 16, the upstream distribution system18, the downstream distribution system 26 and the network 28 can be orinclude a cable television network, the Internet or an Internet protocol(IP) based or other packet-based network, or other suitable publicnetwork, including a telephone network. Also, one or more of the network16, the upstream distribution system 18, the downstream distributionsystem 26 and the network 28 can be or include a computer network, aweb-based network or other suitable wired or wireless network or networksystem. Thus, one or more connections between any one or more of thenetwork 16, the upstream distribution system 18, the downstreamdistribution system 26 and the network 28 can be or include one or morecoaxial cables and/or optical fibers, including a Hybrid Fiber Coaxial(HFC) cable system, one or more Fiber To The Premises (FTTP) systems,such as Fiber To The Curb (FTTC) or Fiber To The Home (FTTH), over anysuitable number of digital subscriber line systems (xDSL), and/orwirelessly.

One or more of the end user communication devices 32, 34, 36 can be anysuitable end user communication device configured to receive, process,store, display and/or otherwise execute or consume DRM-protected contentand/or associated rights issuance information. For example, one or moreof the end user communication devices can be any signal converter ordecoder (set-top) box, including set-top boxes with internal and/orexternal recording capabilities and local and/or remote storage, whichoften are referred to as personal video recorder (PVR) devices, digitalvideo recorder (DVR) devices and/or digital video server (DVS) devices.Other suitable end user communication devices include residentialgateways, home media server systems, digital video disk recorders,computers, televisions with built-in or added-on content receiving andstoring capability, and/or other suitable computing devices or contentdevices, including internet protocol (IP), satellite and cable digitalvideo recorders, and home area network (HAN) devices and systems. Also,one or more of the end user communication devices can be mobilecommunication devices, such as cellular telephones, smart telephones(smartphones), personal digital assistants (PDAs), digital music players(e.g., MP3 players), portable video players and/or other handheld mobiledevices, media players in automobiles, laptop personal computers (PCs),notebook PCs and/or other mobile computing devices.

Each of the end user communication devices 32, 34, 36 typically includesa DRM agent (not shown), which is configured to obtain, e.g., from theLRI 22, downstream content licenses and/or other rights issuanceinformation for items of content. The DRM agent also manages theauthentication/verification of the downstream content license for acontent item, the conditional access of the content item (e.g.,decryption), and the enforcement of the DRM permissions specified in thedownstream content license.

Referring now to FIG. 2, with continuing reference to FIG. 1, shown is ablock diagram of the Limited Rights Issuer (LRI) device 22 used in thesystem 10 for providing content interoperability between differentdigital rights management schemes. The LRI 22 can be partially orcompletely any suitable device or subsystem (or portion thereof) withinthe downstream distribution system 26 and/or the network 28 coupledthereto. In general, the LRI 22 is responsible for receiving licensesand other digital rights issuance information from the content providerand/or other components in the upstream portion of the DRM system andcontrolling the issuance of those licenses and digital rights to one ormore end user communication devices.

In conventional DRM systems, the functions performed by the LRI 22 inthe system 10 are performed typically by several rights issuance devicesand/or components within the upstream portion of the DRM system, e.g.,within content provider itself 12 and/or the rights issuer 14, and/orwithin the network 16 and/or the upstream distribution system 18.Conventional DRM systems and subsystems do not have a device like theLRI 22, much less such a device between the upstream and downstreamdistribution system portions of their DRM system. In the system 10, byhaving the LRI 22 and by having the LRI 22 between the upstream anddownstream distribution system portions of the DRM system, rightsissuance can be controlled sufficiently on behalf of the contentprovider within a system in a manner that also allows DRMinteroperability regardless of the DRM scheme of the issued content andthe DRM scheme supported by the end user communication device receivingthe DRM-protected content.

The LRI 22 includes a processor or controller 42, a DRM agent 44 coupledto the processor 42, a translator 46 coupled to the processor 42, and acontent storage element 48 coupled to the processor 42. In general, theprocessor 42 processes content and associated DRM information receivedby the LRI 22. In addition to the content storage element 48, theprocessor 42 can include at least one type of memory or memory unit (notshown) and a storage unit or data storage unit coupled to the processorfor storing processing instructions and/or information received by theLRI 22.

The DRM agent 44 is configured to receive content licenses and otherdigital rights issuance information from the upstream distributionsystem 18 for associated content. As discussed generally hereinabove,the DRM agent 44 manages the authentication or verification of thecontent license for a content item, the conditional access of thecontent item (e.g., decryption), and the enforcement of the DRMpermissions and/or constraints specified in the content license. Suchinformation can be characterized as DRM data or DRM information.

The translator 46 converts or generates a converted version of thelicenses and/or other digital rights issuance information from a firstDRM format or scheme to at least one second DRM format or scheme. Forexample, the translator 46 translates DRM information issued accordingto the DRM format used by the content provider to the DRM formatsupported by the particular end user communication device to which theDRM information is being transferred, at least to the extent that suchDRM formats or schemes are different and/or incompatible.

The LRI 22 also can include one or more input and/or output interfacesfor receiving and/or transmitting content and associated DRMinformation. For example, the processor 42 and other components in theLRI 22 can be coupled between a first or input interface 52, whichreceives content and associated DRM information from the upstreamdistribution system 18, and one or more second or output interfaces 54,56, which transfer processed content and associated DRM information,including stored content and associated DRM information, to the domainauthority 24 and to one or more end user communication devices,respectively. It should be understood that one or more of the interfaces52, 54, 56 can be a single input/output interface coupled to theprocessor 42. Also, it should be understood that one or more of theinterfaces 52, 54, 56 can be an interface configured to support morethan one content provider and/or end user communication device.

One or more of the processor 42, the DRM agent 44, the translator 46,the content storage element 48 and the interfaces 52, 54, 56 can becomprised partially or completely of any suitable structure orarrangement, e.g., one or more integrated circuits. Also, it should beunderstood that the LRI 22 includes other components, hardware andsoftware (not shown) that are used for the operation of other featuresand functions of the LRI 22 not specifically described herein.

The LRI 22 can be partially or completely configured in the form ofhardware circuitry and/or other hardware components within a largerdevice or group of components. Alternatively, the LRI 22 can bepartially or completely configured in the form of software, e.g., asprocessing instructions and/or one or more sets of logic or computercode. In such configuration, the logic or processing instructionstypically are stored in a data storage device, e.g., the content storageelement 48 or other suitable data storage device (not shown). The datastorage device typically is coupled to a processor or controller, e.g.,the processor 42. The processor accesses the necessary instructions fromthe data storage device and executes the instructions or transfers theinstructions to the appropriate location within the LRI 22.

With respect to the content storage element 48, the LRI 22 may haveaccess to a hard drive or other storage element for recording streams ofmultimedia content, such as video streams broadcast from the multimediacontent source. However, the content storage element 48 can be anysuitable information storage unit, such as any suitable magnetic storageor optical storage device, including magnetic disk drives, magneticdisks, optical drives, optical disks, and memory devices, includingrandom access memory (RAM) devices and flash memory. Also, although thecontent storage element 48 is shown within the LRI 22, the contentstorage element 48 can be located external to the LRI 22 and suitablycoupled thereto.

Referring now to FIG. 3, with continuing reference to FIG. 1 and FIG. 2,shown is a flow chart that schematically illustrates a method 60 forproviding content interoperability between different digital rightsmanagement formats or schemes. As discussed previously herein, manydifferent DRM formats or schemes exist for protecting content. Such DRMformats or schemes include the Internet Protocol Rights Management(IPRM) format specified by Motorola, one or more Windows Media DigitalRights Management (WMDRM) formats specified by Microsoft Corporation,and one or more OMA DRM formats according to or specified by the OpenMobile Alliance (OMA). The method 60 will be described using an examplein which the content provider 12 issues content and associated digitalrights management information in the IPRM DRM format and at least one ofthe end user communication devices 32, 34, 36 supports the OMA DRMformat. It should be understood that the content provider 12 can issuecontent and associated digital rights management information in oraccording to other DRM formats, and one or more of the end usercommunication devices 32, 34, 36 can receive content and associateddigital rights management information in or according to other DRMformats.

In the OMA DRM scheme, content licenses are referred to as rightsobjects (ROs). Each RO is specific to an item of content and either anindividually identified downstream end user communication device or anidentified domain of downstream end user communication devices. Thedownstream end user communication devices may obtain ROs from rightsissuers (RIs), such as the content digital rights issuer 14, althoughROs need not necessarily be generated or distributed by an RI. However,according to the method 60, the LRI 22 functions as a rights issuer onbehalf of the content digital rights issuer 14. More specifically, theLRI 22 is configured to generate and issue “translated” licenses or ROsthat are equivalent to the ROs issued by the content digital rightsissuer 14 and received by the LRI 22, as will be discussed in greaterdetail hereinbelow.

In general, in operation of the method 60, the Domain Authority (DA)provides domain management in the downstream DRM system. End usercommunication devices can be added to the domain of devices withcommunication required only between the additional downstreamcommunication device and the DA. Unlike conventional systems, there isno need to re-issue digital rights certificates or other information toexisting end user communication devices within the domain. Furthermore,the DA makes sure that access to protected content is available only toend user devices within the domain. In this manner, the DA can operateon behalf of the upstream content provider.

The method 60 includes a step 62 of provisioning the Limited RightsIssuer (LRI) 22, e.g., by the Remote Authority (RA) 38 or other suitablesystem component. As part of the provisioning step 62, the RA issues(i.e., creates and assigns) the LRI 22 with several pieces of DRMinformation, including an OMA Rights Issuer (RI) Certificate, which canbe defined as Cert(LRI). The OMA RI certificate Cert(LRI), which is usedto establish identity, should identify the OMA domain to which the LRIbelongs (e.g. within the conventionally-established OMA <domainID>field). The RA 38 also provisions the LRI 22 with a private keycorresponding to the OMA RI Certificate, as well as the identifier andthe uniform resource locator (<riURL>) of the DA 24, e.g., in theconventionally-established OMA fields <riID> and <riURL>, respectively.As part of the provisioning step 62, a provisioning protocol is executedbetween the LRI 22 and the RA 38. As a result of the execution of theprovisioning protocol, the provisioning information is securelycommunicated to the LRI 22 and installed thereon.

Alternatively, the method can also include a step 64 of provisioning theDA 24. For example, a back-end mechanism can establish a meta-domainmembership list, which is the association between the LRI 22 and the setof devices that will be able to share translated content, e.g., the OMAdevices 32, 34, 36 in this example. The membership list can becommunicated from the RA 38 to the DA 24 in any suitable manner, e.g.,via a secure authenticated mechanism. It should be understood that ifthe RA 38 does not communicate the meta-domain membership list to the DA24, the DA 24 can use other information, such as billing records, todetermine the membership of the meta-domain.

The method 60 includes a step 66 of registering the LRI 22 with the DA24. Upon startup (or some other trigger), the LRI 22 initiates aregistration protocol, e.g., an OMA registration protocol, with the DA24. Within the downstream distribution system 26, the DA 24 is runningon the OMA Rights Object Acquisition Protocol (OMA ROAP) server.

As discussed hereinabove, as part of the provisioning step 62, the LRI22 has been provisioned with the URL of the DA 24. Once the LRI 22 hasbeen successfully ROAP registered, the LRI 22 executes the ROAP JoinDomain protocol. The OMA domain to which the LRI is requestingmembership (OMA <domainID>) has been provisioned in the LRI 22 by theprovisioning step 62. Successful execution of the ROAP Join Domainprotocol results in a domain key (e.g., K_d) being sent to the LRI 22.The LRI 22 will use the key when generating “equivalent” licenses forthe translated content, as will be discussed hereinbelow. Alternatively,the LRI 22 can be pre-provisioned with the domain key.

The method 60 includes a step 68 of translating content and associatedDRM information. As part of the step 68, the OMA end user communicationdevice of interest connects to the LRI 22 in a suitable manner, e.g.,via the network 28, and identifies itself as being an OMA client devicerequesting content. Within the LRI 22, the controller 42 initiates thetranslation of the requested content that is either stored on the LRI 22and/or available to the LRI 22, e.g., from the upstream distributionsystem 18.

To translate the requested content, the LRI translator 46 initiallyparses the protected content (e.g., the IPRM protected content) andgenerates an OMA DRM Content Format (DCF), which identifies the DA 24 asthe Rights Issuer. To successfully identify the DA 24 as the RightsIssuer, the <riURL> field must identify the Domain Authority URL thatwas provisioned in the LRI 22 as part of the provisioning step 62.

The LRI translator 46 next generates a Domain RO equivalent of thecontent license, e.g., the IPRM license. The Domain RO is signed by theLRI 22. As discussed hereinabove, the <riID> field and the <riURL> fieldin the Domain RO identify the Domain Authority, i.e., the DA 24.However, the Domain RO may include another field to identify the licenseas a “translated” license. According to the method 60, the license isidentified as a translated license so that the signature validationalgorithm in the content-requesting end user communication device canvalidate the authenticity of the license against the LRI certificate(i.e., the certificate of the issuer of the translated license) insteadof the Domain Authority certificate, as would be done in conventionalsystems.

Next, the LRI 22 passes the OMA DCF and the Domain RO to the OMA client,i.e., the end user communication device requesting content. The OMA DCFand the Domain RO information is passed to the end user communicationdevice using any suitable means of information transport that isavailable, e.g., using Universal Serial Bus (USB) mass storage. Forconvenience, the Domain RO can be embedded in the OMA DCF, rather thantransferred as separate information.

Finally, the LRI 22 transfers or pushes the Domain RO equivalent of thecontent license (i.e., the LRI certificate) to the content-requestingend user communication device. As with the OMA DCF and the Domain RO,the LRI certificate is transported to the end user communication deviceusing any suitable means of information transport available.

The method 60 includes a step 72 of the content-requesting end usercommunication device installing the translated domain RO. The end usercommunication device initially validates the received LRI certificate.Once it has validated the LRI certificate, the end user communicationdevice processes the domain RO, e.g., in a conventional manner, with afew exceptions. First, when verifying the domain RO signature (i.e., theauthenticity of the domain RO), the end user communication deviceverifies the domain RO signature against the LRI certificate rather thanthe DA certificate, as would be done in a conventional system. Second,the end user communication device also verifies that the domain RO hasbeen issued for a domain that is identified in the LRI certificate,e.g., via the OMA <domainID> field.

It should be understood that processing the domain RO by the end usercommunication device may result in the end user communication deviceinitiating the OMA ROAP Registration protocol and then the ROAP JoinDomain protocol with the DA 24. That is, the content-requesting end usercommunication device may request the DA 24 that the communication devicebe allowed to join (or leave) the domain of end user communicationdevices allowed to received the requested content. The OMA domain towhich the LRI 22 requests membership is identified in the RO. When theDA 24 receives a request by an end user communication device to join the“meta-domain,” the DA 24 determines if the requesting end usercommunication device should be permitted to join the meta-domain. Suchdetermination can be made by consulting the membership list that wasprovided to the DA 24 during registration (i.e., step 66).Alternatively, as discussed previously herein, such determination can bemade by consulting some back-end mechanism, such as billing records orother suitable information.

The method 60 includes a step 74 of the content-requesting end usercommunication device accessing the translated content. Such access canbe performed, e.g., in a conventional manner. For example, typically,the end user communication device includes a processor or controller(not shown) and an input interface (not shown) for receiving thetranslated content and transferring the received content to theprocessor. The end user communication device also may include one ormore other receiving components (not shown), such as a radio frequency(RF) tuner, a QAM demodulator, an MPEG stream demultiplexor and aconditional access decryptor or decrypting module.

The method 60 can also include a step 76 of the (first)content-requesting end user communication device sharing accessedcontent with other (second) content-requesting end user communicationdevices within the defined domain. The sharing step 76 includes thefirst end user communication device sending the domain RO, the DCF andthe LRI certificate it has previously received and stored thereon to thesecond content-requesting end user communication device. The second enduser communication device then installs the domain RO, e.g., as per theinstallation step 72, described hereinabove. The second end usercommunication device then can access the translated content, e.g., asper the access step 74, described hereinabove.

As discussed hereinabove, conventional DRM systems do not have a devicelike the LRI 22 in the upstream or downstream distribution systemportions of their DRM system. Therefore, functions performed by the LRI22 in the system 10 are performed in conventional DRM systems by one ormore rights issuance devices and/or components within the contentprovider itself and/or within the right issuer itself. In the system 10,the LRI 22 allows rights issuance to be controlled sufficiently onbehalf of the content provider within a system that also allows DRMinteroperability regardless of the DRM scheme of the issued content andthe DRM scheme supported by the end user communication device receivingthe DRM-protected content.

The method shown in FIG. 3 may be implemented in a general,multi-purpose or single purpose processor. Such a processor will executeinstructions, either at the assembly, compiled or machine-level, toperform that process. Those instructions can be written by one ofordinary skill in the art following the description of FIG. 3 and storedor transmitted on a computer readable medium. The instructions may alsobe created using source code or any other known computer-aided designtool. A computer readable medium may be any medium capable of carryingthose instructions and includes random access memory (RAM), dynamic RAM(DRAM), flash memory, read-only memory (ROM), compact disk ROM (CD-ROM),digital video disks (DVDs), magnetic disks or tapes, optical disks orother disks, silicon memory (e.g., removable, non-removable, volatile ornon-volatile), packetized or non-packetized wireline or wirelesstransmission signals.

It will be apparent to those skilled in the art that many changes andsubstitutions can be made to the systems, devices and methods forproviding content interoperability between different digital rightsmanagement schemes herein described without departing from the spiritand scope of the invention as defined by the appended claims and theirfull scope of equivalents.

1. A method for processing content protected according to a firstdigital rights management format for access by at least one end usercommunication device configured to support a second digital rightsmanagement format, comprising the steps of: providing a Domain Authorityconfigured for defining and managing a domain of end user communicationdevices allowed to share at least a portion of the protected content;providing a Limited Rights Issuer configured for receiving content anddigital rights management information in the first digital rightsmanagement format and for issuing content and digital rights managementinformation in the second digital rights management format to at leastone end user communication device within the domain of end usercommunication devices defined by the Domain Authority; registering theLimited Rights Issuer with the Domain Authority in such a way that theLimited Rights Issuer is associated with the defined domain and issued adomain key, wherein the domain key allows the Limited Rights Issuer togenerate at least a portion of the digital rights management informationthat allows end user communication devices within the domain to accessprotected content; translating content and digital rights managementinformation in the first digital rights management format received bythe Limited Rights Issuer to content and digital rights managementinformation in the second digital rights management format; installingtranslated content and digital rights management information in thesecond digital rights management format from the Limited Rights Issuerto at least one end user communication device within the defined domain;and accessing the translated content in the second digital rightsmanagement format using the digital rights management information in thesecond digital rights management format by at least one end usercommunication device on which the translated content and associateddigital rights management information was installed.
 2. The method asrecited in claim 1, wherein the translating step includes the LimitedRights Issuer generating translated digital rights managementinformation in the second digital rights management format that isequivalent to the received digital rights management information in thefirst digital rights management format, and the Limited Rights Issuertransferring the translated content and the translated digital rightsmanagement information in the second digital rights management format tothe end user communication device.
 3. The method as recited in claim 1,further comprising the step of, prior to installing the translatedcontent, validating the authenticity of the digital rights managementinformation in the second digital rights management format received fromthe Limited Rights Issuer using an authenticity certificate generated bythe Limited Rights Issuer.
 4. The method as recited in claim 1, whereinthe Limited Rights Issuer generates an authenticity certificateidentifying the defined domain associated with the Limited RightsIssuer, and wherein the method further comprises the step of, prior toinstalling the translated content, verifying against the authenticitycertificate generated by the Limited Rights Issuer that the digitalrights management information in the second digital rights managementformat received from the Limited Rights Issuer has been issued for thedefined domain associated with the Limited Rights Issuer.
 5. The methodas recited in claim 1, wherein the registering step includes the LimitedRights Issuer initiating a registration protocol with the DomainAuthority, the Limited Rights Issuer initiating a request to join thedomain defined by the Domain Authority if the Limited Rights Issuer isallowed to register with the Domain Authority, and the Domain Authorityissuing a domain key to the Limited Rights Issuer if the Limited RightsIssuer is allowed to join the domain.
 6. The method as recited in claim1, further comprising the step of at least one end user communicationdevice requesting the Domain Authority that the end user communicationdevice be allowed to join the domain of end user communication devicesallowed to share at least a portion of the protected content.
 7. Themethod as recited in claim 1, further comprising the step ofprovisioning the Limited Rights Issuer with provisioning information,wherein the provisioning information includes digital rights managementinformation that allows an end user communication device to accesscontent protected by the digital rights management information.
 8. Themethod as recited in claim 6, wherein the provisioning step is performedby a Remote Authority coupled to the Limited Rights Issuer.
 9. Themethod as recited in claim 1, further comprising the step ofprovisioning the Domain Authority with domain membership information,wherein the domain membership information includes which end usercommunication devices are allowed to share at least a portion of theprotected content.
 10. The method as recited in claim 8, wherein theprovisioning step is performed by a Remote Authority coupled to theDomain Authority.
 11. A method for accessing protected content issuedfrom an upstream digital rights management system in a first digitalrights management format by at least one end user communication devicein a downstream digital rights management system and configured tosupport a second digital rights management format, comprising the stepsof: receiving, by the end user communication device, content and digitalrights management information that has been translated by a LimitedRights Issuer from the first digital rights management format to thesecond digital rights management format; receiving, by the end usercommunication device, an authenticity certificate from the LimitedRights Issuer, wherein the authenticity certificate is signed by theLimited Rights Issuer; validating the authenticity of the receivedtranslated digital rights management information in the second digitalrights format using the received authenticity certificate; if theauthenticity of the received translated digital rights managementinformation in the second digital rights format is validated, installingthe received translated digital rights management information in thesecond digital rights format; and accessing the received content in thesecond digital rights format using the installed translated digitalrights management information in the second digital rights format. 12.The method as recited in claim 11, further comprising the step of theend user communication device requesting a Domain Authority to allow theend user communication device to join a domain defined by the DomainAuthority, wherein the Limited Rights Issuer is registered with thedomain in such a way that the Limited Rights Issuer is allowed totransfer content and associated digital rights management information toend user communication devices within the domain.
 13. The method asrecited in claim 11, wherein the digital rights management informationreceived by the end user communication device includes a domain license,and wherein the validating step includes validating the domain licenseusing the authenticity certificate received from the Limited RightsIssuer.
 14. The method as recited in claim 11, wherein the authenticitycertificate identifying a defined domain of end user communicationdevices associated with the Limited Rights Issuer, and wherein thevalidating step includes verifying against the authenticity certificatethat the received digital rights management information in the seconddigital rights management format has been issued for the defined domainassociated with the Limited Rights Issuer.
 15. The method as recited inclaim 11, further comprising the step of the end user communicationdevice sharing the translated content and digital rights managementinformation with at least one other end user communication device in thedomain defined by the Domain Authority.
 16. A Limited Rights Issuancedevice for providing content protected according to a first digitalrights management (DRM) format to at least one end user communicationdevice configured to support a second digital rights management format,comprising: a processor configured to register the device with a DomainAuthority in such a way that the device is associated with a domaindefined by the Domain Authority of at least one end user communicationdevice in a downstream digital rights management system; a DRM agentcoupled to the processor for receiving content and digital rightsmanagement information in the first digital rights management formatfrom an upstream digital rights management system and transferring suchinformation to the controller; and a translator coupled to thecontroller for translating, in response to the processor registering thedevice with the Domain Authority, at least a portion of the content anddigital rights management information in the first digital rightsmanagement format to content and digital rights management informationin the second digital rights management format to produce translatedcontent and digital rights management information, wherein thetranslated content and digital rights management information isformatted in such a way that it accessible by at least one end usercommunication device within the domain of end user communication devicesdefined by the Domain Authority, wherein the device is configured toinstall the translated content and digital rights management informationto at least one end user communication device within the domain definedby the Domain Authority in response to a request by the end usercommunication device for access to the translated content and digitalrights management information.
 17. The device as recited in claim 16,wherein the device is configured to provide validation information forat least a portion of the digital rights management informationtransferred from the device to a first end user communication device, inresponse to a validation request by the first end user communicationdevice.
 18. The device as recited in claim 16, wherein the device isconfigured to register the device with the Domain Authority byinitiating a registration protocol with the Domain Authority, andwherein the device is configured to receive a domain key from the DomainAuthority if the device is allowed to join the domain defined by theDomain Authority.
 19. The device as recited in claim 16, wherein thedevice is configured to be provisioned with provisioning information bya Remote Authority coupled to the device, wherein the provisioninginformation includes digital rights management information that allowsan end user communication device to access content protected by thedigital rights management information.
 20. The device as recited inclaim 16, wherein the end user communication device is selected from thegroup consisting of a signal converter box, a signal decoder box, adigital video recorder, a digital video disk recorder, a personal videorecorder device, a home media server, a digital video server, aresidential gateway, a video receiver, a computer, a cellular telephone,a smart telephone, a personal digital assistant (PDA), a digital musicplayer, a portable video player, a wireless handheld device, a digitalcamera, a mobile communication device, a laptop personal computer (PC),a notebook PC and a mobile computing device.